1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

sqlite3: fix CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the
number of aggregate terms could exceed the number of columns available.
This could lead to a memory corruption issue.

(From OE-Core rev: 52499a5ea3b4ba145914aca873844ab718953289)

Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Roland Kovacs
2025-07-24 14:40:14 +02:00
committed by Steve Sakoman
parent 76f88baf01
commit d5613f0d2e
2 changed files with 113 additions and 0 deletions
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
SRC_URI = "http://www.sqlite.org/2024/sqlite-autoconf-${SQLITE_PV}.tar.gz \
file://CVE-2025-3277.patch \
file://CVE-2025-29088.patch \
file://CVE-2025-6965.patch \
"
SRC_URI[sha256sum] = "b2809ca53124c19c60f42bf627736eae011afdcc205bb48270a5ee9a38191531"